Electronic Voting Machines Blasted by Scientists, Hacked by Author

SCOOP EDITOR'S NOTE:
What follows is a set of discoveries, the result of
the first-ever public examination of a secret, proprietary
computer program used to count votes in 37 states. A hundred
dollar item allows anyone to stuff the ballot box; remote
access was left unprotected, encryption keys were made
available to hackers, and passwords, audit logs and votes
were easily compromised.

This report, and all
information not attributed to others here, was provided by
Bev Harris, author of "Black Box Voting: Ballot-Tampering in
the 21st Century."

You can overwrite
votes. You can vote more than once. The system is vulnerable
to both inside and outside attacks. Intruders can overwrite
audit logs. You can assign passwords to all your friends.

"Our analysis shows that this voting system is far
below even the most minimal security standards applicable in
other contexts." -- Researchers from Johns Hopkins
and Rice Universities, in a paper just released: "Analysis of
an Electronic Voting System"
http://avirubin.com/vote.pdf

These
discoveries were made after examining Diebold voting system
files left on an open web site, in a security breach
somewhat stunning in magnitude. These files had been
stored, unprotected, on a company web site for several
years. The site appeared to be in continuous use, with new
files added frequently, and its design invited visitors into
an ftp page, which was available with anonymous access and
no password. On January 29, 2003, shortly after Bev Harris
found the site (which caused her to interview Diebold
employees about it) the web site was removed from public
access. By this time, its files had been downloaded by
several people in various locations around the world.

On
July 8, 2003 an Internet publication called Scoop Media
released the location of a complete set of files. Alastair
Thompson, the publisher and editor of Scoop Media, says he
believed that the files were of critical importance in
assessing whether Diebold officials and certifiers have been
telling the truth about voting machine security.

Diebold
machines are used in 37 states; Maryland just spent $55
million on 11,000 of these machines, and the state of Ohio
is considering switching all counties to Diebold machines, a
purchase estimated to be as high as $150 million. The state
of Georgia bought Diebold machines in 2002, investing $55
million to purchase over 22,000 machines.

The files on
the Diebold ftp site indicate that security flaws are not
limited to touch screen machines; the problems with
Diebold's GEMS software also exist in Diebold optical scan
machines, like those used in King County, Washington. For a
complete list of locations using Diebold machines as of Feb.
2003, go to the list of Diebold locations found in:
http://www.blackboxvoting.org/mfr.pdf,
bearing in mind that many new purchases have been made since
that time.

State laws typically allow only limited
examination of the paper ballots, taking tallies directly
from Diebold optical scan machines, even in recounts.
Therefore, insecure optical scan software also poses a grave
risk to voting security, since tampering is unlikely to be
spotted. Under a previous company name (Global Election
Systems) Diebold machines counted 40 percent of Florida in
election 2000.

Diebold systems go by the name "AccuVote"
and "AccuTouch," and the software program is called
"GEMS."

"We highlight several
issues including unauthorized privilege escalation,
incorrect use of cryptography, vulnerabilities to network
threats, and poor software development processes. For
example, common voters, without any insider privileges, can
cast unlimited votes without being detected by any
mechanisms within the voting terminal."

"Furthermore, we
show that even the most serious of our outsider attacks
could have been discovered without the source code. In the
face of such attacks, the usual worries about insider
threats are not the only concerns; outsiders can do the
damage. That said, we demonstrate that the insider threat is
also quite considerable. We conclude that, as a society, we
must carefully consider the risks inherent in electronic
voting, as it places our very democracy at risk." More:
http://avirubin.com/vote.pdf

Other security flaws:

- Bev Harris bypassed the
Diebold voting system password in 10 minutes, using the
officially certified version of the GEMS program. See
illustration:

The
state of California, which is soon to have an election on
the recall of Governor Gray Davis, has Diebold machines in
many counties, including heavily populated Los Angeles and
San Diego counties.

"I have called King County four
times, trying to show the task force where the problems are,
including problems that I have not yet published. They have
yet to respond. They have not even asked me to send them a
report," says Harris, who lives in King County and must vote
on its Diebold machines.

Harris hopes to obtain a higher
level of cooperation from Microsoft, upon whose operating
system the Diebold voting program is based.

"One of my
sources reported a problem in the Windows code, apparently a
change made by the Diebold programmers that could affect
security, and I explained the urgency of the situation. I
told Microsoft that these machines are used in 37 states,
and requested immediate help to identify whether the Windows
code had indeed been rewritten, and an opinion from them as
to whether it compromises security. I hope to obtain their
assistance as soon as possible."

According to Professor
Douglas Jones, at an official examination in Iowa, when
asked about this, the representatives of Global [Global
Election Systems, now Diebold Election Systems] stated,
firmly, that the version of Windows they used was purely
unmodified commercial off-the-shelf software, and therefore
not subject to a source code audit under the FEC/NASED
certification rules. He discussed potential problems with
this in his testimony before the U.S. Congress (House
Science Committee) on May 22, 2001. See "Problems with Voting
System Standards":
http://www.cs.uiowa.edu/~jones/voting/congress.html

-
See also: Misleading statements by Diebold about remote
communications in voting machines. If Diebold does not tell
the truth about a simple thing like "do these voting
machines have modems," can we believe the rest of what they
have to say?

(contains photocopy of modem and internet communications
with Wide Area Network and Web servers, from the Diebold
sales presentation made to the State of Georgia); the touch
screen machines also contain wireless communications devices
and land line connectivity.

In
the July 24 New York Times article, when asked about the
unprotected web site, Diebold spokesman Joe Richardson
states that "files were over a year old."

In fact, the
files were being uploaded to the web site almost daily,
until it was taken down on Jan. 29, 2003. Experts indicate
that rewriting or correcting problems will not be a simple
task, since the problems are built into the architecture of
the system itself, and any revisions will require
recertification before the machines can be used.

"This is a program that will have been set
up by your Diebold Support Specialist to connect directly
into the Diebold FTP site. It is easy to use and fun as
well. Connect to the Internet the normal way…"

Note that
Diebold officials have insisted that the machines do not
connect to the Internet, "for obvious security reasons."
(See statements at

The story gets a bit odder here. An
unelected person named R. Doug Lewis runs a private
non-profit organization called "The Election Center." Lewis
is possibly the most powerful man in the U.S., influencing
election procedures and voting systems, yet he is vague
about his credentials and no one seems to be quite sure who
hired him or how he came to oversee such vast electoral
functions. Lewis organized the National Association of
Secretaries of State (NASS, now heavily funded by voting
machine vendors); he also organized the National Association
of State Election Directors (NASED) and, through them, Lewis
told Harris he helps certify the certifiers.

Wyle
Laboratories is the most talked-about voting machine
certifier, probably because it is the biggest, but in fact,
Wyle quit certifying voting machine software in 1996. It
does test hardware: Can you drop it off a truck? Does it
stand up to rain?

Software testing and certification is
done by Shawn Southworth. When Ciber quit certifying in
1996, it was taken over by Nichols Research, and Southworth
was in charge of testing. Nichols Research stopped doing the
testing, and it was taken over by PSInet, where Southworth
did the testing. PSInet went under, and testing functions
were taken over by Metamore, where Southworth did the
testing. Metamore dumped it, and it was taken over by Ciber,
where Southworth does the testing.

Here is a photo of
Shawn Southworth:

What are Shawn
Southworth's credentials? We are not allowed to ask. The
rules are set by R. Doug Lewis of The Election Center, which
states that the certifiers will not answer questions from
the media, or from anyone else.

According to Dr. David
Dill of Stanford, formal questions were posed to Wyle and
Ciber about what is done to test these machines, but both
declined to answer.

Dr. Dill's statement on electronic
voting has gained the endorsement of several hundred
computer scientists who agreed, even before the problems
were found in the Diebold system, that electronic voting is
inherently unsafe.

"Computerized
voting equipment is inherently subject to programming error,
equipment malfunction, and malicious tampering. It is
therefore crucial that voting equipment provide a
voter-verifiable audit trail, by which we mean a permanent
record of each vote that can be checked for accuracy by the
voter before the vote is submitted, and is difficult or
impossible to alter after it has been checked. Many of the
electronic voting machines being purchased do not satisfy
this requirement. Voting machines should not be purchased or
used unless they provide a voter-verifiable audit trail;
when such machines are already in use, they should be
replaced or modified to provide a voter-verifiable audit
trail. Providing a voter-verifiable audit trail should be
one of the essential requirements for certification of new
voting systems."

WHO RUNS DIEBOLD ELECTION SYSTEMS? WHO WROTE THE PROGRAMS?

Bob Urosevich is the CEO of Diebold Election
Systems. Urosevich created the original software
architecture for Diebold Election Systems, and his original
company, called I-Mark Systems, can be found in the source
code signatures.

Prior to programming for and taking over
Diebold Election Systems, Urosevich programmed for and was
CEO of Election Systems & Software (ES&S), which counts 56
percent of the votes in the United States. When Urosevich
left ES&S, Chuck Hagel took his position. (Hagel then ran
for the U.S. Senate, with ES&S machines counting his own
votes, but failed to disclose that he had been both CEO and
Chairman of ES&S on his disclosure documents).

Bob
Urosevich, together with his brother Todd, founded ES&S. Bob
then went to run Diebold, while Todd still is a Vice
President at ES&S. Diebold and ES&S, together, count about
80 percent of the votes in the United States.

WHO ELSE WRITES PROGRAMS FOR DIEBOLD?

Many of the Diebold code-writers are not in
the United States, and some are outside contractors, not
employees. Talbot R. Iredale, who has been a stockholder in
the election company, is one of the key programmers. The
Windows files, which appear to have been changed, are found
in a file that is referenced to Iredale's own computer hard
drive. Another key programmer is Dmitry Papushin. Some of
the optical scan software was written by Guy Lancaster. Both
Iredale and Lancaster live in Vancouver, Canada.

IS THERE MORE TO COME?

Bev Harris is
developing a follow-up story about Windows files used in the
Diebold voting machines. These files were reportedly changed
frequently prior to the 2002 general election, and sources
say they came out of Diebold's office, not from Microsoft.
Programmers do make small changes in Windows files
sometimes, but in the case of voting machines, any such
changes must be reviewed, since only "off the shelf"
software that is identical to the standard version can go
unexamined.

All 22,000 machines in Georgia received an
unexamined, uncertified program change immediately before
the Nov. 2002 general election, and some of those "updates"
were on the Diebold web site, including a file called
"rob-georgia.zip" and an unusual file dated six days after
the election which refers to "repairing" some kind of
database, in the same format as the vote databases.

# # # # #

ENDNOTE: This is a
multifaceted story that will unfold continuously over the
next year, but the urgent concern of many U.S. voters is
that their next votes will be secure. Already some citizens
are demanding an immediate moratorium on all electronic
voting, until all systems can be examined, voter-verified
paper trails are in place, remote access mechanisms are
removed, and robust audits are required.

If you or your
organisation want to help in coordinating the communications
drive on this issue the best place to start is:
